• Hi, Pleskians! We are running a UX testing of our upcoming product intended for server management and monitoring.
    We would like to invite you to have a call with us and have some fun checking our prototype. The agenda is pretty simple - we bring new design and some scenarios that you need to walk through and succeed. We will be watching and taking insights for further development of the design.
    If you would like to participate, please use this link to book a meeting. We will sent the link to the clickable prototype at the meeting.
  • (Plesk for Windows):
    MySQL Connector/ODBC 3.51, 5.1, and 5.3 are no longer shipped with Plesk because they have reached end of life. MariaDB Connector/ODBC 64-bit 3.2.4 is now used instead.
  • The Horde webmail has been deprecated. Its complete removal is scheduled for April 2025. For details and recommended actions, see the Feature and Deprecation Plan.

Issue IP Access restriction - locked out of PLESK

weareimpulse

weareimpulse

Basic Pleskian
Server operating system version
Ubuntu 22.04.5 LTS
Plesk version and microupdate number
Plesk Obsidian 18.0.65 Update #2 Web Host Edition
can anyone help please...

the IP Access restriction feature was added to one of our servers, however, the person who added it did this whilst using a dynamic IP - rather than our static, and now we're locked out.

We have SSH access, so is there a way to add an IP via this to gain PLESK access, or maybe disable the feature so we can get in and set it up properly?

Many thanks...
 
weareimpulse said:
Legend. many thanks :)
Click to expand...
@weareimpulse

It is not a good thing to (only) use the "Restrict Administrative Access" functionality.

The best way is to setup Plesk Firewall extension with :

1 - SSH : allow access to IPs chosen, deny all others

2 - Plesk Panel : allow access to IPs chosen, deny all others

and please do

3 - remove the IPs from "Restrict Administrative Access" functionality - otherwise, this will become a potential problem in the near future,

4 - NOT use dynamic IP addresses with netmasks - it is possible, but if often fails (for many reasons) and it also increase the attack surface!

5 - CREATE a cloud based (cheap) VM with a STATIC IP - this can be stopped/started at all times, hence granting you a fail-over access point

6 - STOP the cloud based VM when you are not using it - only start it when you are locked from Plesk and cannot access Plesk anymore


The simple rule here is : only grant 1 or 2 IPs access to SSH and Plesk Administrative interface, with a VM with a (static) IP as a fail-over access point.

In general, it is a good idea to limit the fail-over access point to SSH, since it is more important to have access to the server itself (via SSH) than having access to Plesk Administrative interface (which interface cannot help you in all scenario's - it only covers most of the lock out scenarios!)


I hope the above helps!


Kind regards....


PS If you run 2 or more dedicated servers, then there is no need for cloud based VMs. However, it still is a good idea, for instance when you run all servers in one and the same datacenter!
 
You must log in or register to reply here.

Similar threads

WhiteTiger
Question Access from a static IP is not allowed
Replies
0
Views
264
WhiteTiger
WhiteTiger
C
Question Scripting access to restricted directories through user email registration
Replies
1
Views
527
Martin Dias
Martin Dias
T
Question Restrict the access to Home Directory via SFTP
Replies
6
Views
598
Thomas Oryon
T
F
Question Whitelisting IPs in Firewall > How to include our dynamic IP?
Replies
1
Views
1K
scsa20
scsa20
H
Question SSH user can see other subdomain directories even with chrooted shell?
Replies
3
Views
314
Raul A.
R
Back
Top